learnhtml
  • Responsive thẻ meta
  • 🥹[GSAP] một mẫu sử dụng ScrollTrigger, Observer, ScrollSmoother crack (ok)
  • 😝Font Awesome Kits are here to save the day! Fast, flexible, friendly, and full of icons (ok)
  • 😅Custom Map
  • 🥰D3.js render Vietnam map (ok)
  • 😆Free Vietnam SVG Map (ok)
  • Tính khoảng cách đường bay Airport Distance Map
  • 😍Bộ công cụ chuyển đổi Text to SVG && Animation 😉
  • 😅Cách sử dụng aspect ratio với CSS3, video aspect-ratio (ok)
  • 😅is there a way I can create an Email link defaulting to Gmail? (ok)
  • 😅document.write jquery-3.7.0.min.js (ok)
  • 😅CodePen Home File Sharing Web App (ok)
  • 😅Template Tiktok khamphukhoa.net.vn (ok)
  • 😅Div Table Full (ok)
  • 🧐Coreui giao diện admin sử dụng bootstrap 5 (ok)
  • 😆Type datetime-local (ok)
  • [Admin] AdminLTE (ok)
  • [ADMIN] Laravel Admin (ok)
  • Thẻ colgroup cho phép chúng ta điều chỉnh độ rộng của table (ok)
  • Tổng quan về Material Design Lite
  • Fullscreen Horizontal Page Slider with jQuery and CSS3 - HSlider scroll template html (ok)
  • Bảng mã ký tự hay dùng :))) trong html
  • Tất cả những gì bạn cần biết về thuộc tính Data trong HTML5
  • Responsive Images trên Web
  • Tìm hiểu về BEM trong 15 phút
  • Cách sử dụng base để copy đường dẫn :(
  • Structure website HTML
  • Show Heading (ok)
  • Refused to display site in an iframe, X-Frame-Options to 'SAMEORIGIN' (ok)
  • --------- Start AppML --------------
  • AppML Tutorial (ok)
  • appml-include-html, appml-controller (ok)
  • AppML Messages (ok)
  • AppML API (ok)
  • AppML PHP (ok)
  • --------- End AppML --------------
Powered by GitBook
On this page
  • Refused to display site in an iframe, X-Frame-Options to 'SAMEORIGIN'
  • 4 Answers

Was this helpful?

Refused to display site in an iframe, X-Frame-Options to 'SAMEORIGIN' (ok)

https://stackoverflow.com/questions/24421260/refused-to-display-site-in-an-iframe-x-frame-options-to-sameorigin

PreviousShow Heading (ok)Next--------- Start AppML --------------

Last updated 4 years ago

Was this helpful?

Đã ok.

<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>X-Frame-Bypass For Global CI calendar</title>
    <style>
        html, body {
            margin: 0;
            padding: 0;
            height: 100%;
            overflow: hidden;
        }
        iframe {
            display: block;
            width: calc(100% - 40px);
            height: calc(100% - 40px);
            margin: 20px;
            border: 0;
        }

    </style>

    <!-- To bypass the CROSS ORIGIN Resource issue -->
        <script src="x-frame-bypass.js" type="module"></script>

    <!-- Support Customized built-in elements for Safari-->
        <script src="https://unpkg.com/@ungap/custom-elements-builtin"></script>

</head>
<body>
    <iframe is="x-frame-bypass" src="https://www.link_to_any_website.com"></iframe>
</body>
</html>

Getting an error when i try to inspect element in chrome:

How to display a site inside an iframe in which the website has 'X-Frame-Options' to 'SAMEORIGIN'?

4 Answers

Web server conf,

for me i use nginx.conf

find add_header X-Frame-Options SAMEORIGIN; and change it toadd_header X-Frame-Options "ALLOWALL";

To solve this error:

You just place this code in your .htaccess file according to the access level you want to provide:

  1. X-Frame-Options: deny

  2. X-Frame-Options: sameorigin

  3. X-Frame-Options: "allow-from https://example.com/"

To test it, just save this code in an index.html file and place in the same directory the file x-frame-bypass.js that you can download from the above Github repository.

<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>X-Frame-Bypass For Global CI calendar</title>
    <style>
        html, body {
            margin: 0;
            padding: 0;
            height: 100%;
            overflow: hidden;
        }
        iframe {
            display: block;
            width: calc(100% - 40px);
            height: calc(100% - 40px);
            margin: 20px;
            border: 0;
        }

    </style>

    <!-- To bypass the CROSS ORIGIN Resource issue -->
        <script src="x-frame-bypass.js" type="module"></script>

    <!-- Support Customized built-in elements for Safari-->
        <script src="https://unpkg.com/@ungap/custom-elements-builtin"></script>

</head>
<body>
    <iframe is="x-frame-bypass" src="https://www.link_to_any_website.com"></iframe>
</body>
</html>

Asked 6 years agoActive Viewed 31k times52

Refused to display '' in a frame because it is set 'X-Frame-Options' to 'SAMEORIGIN'.

I tried searching on google but I could not find any proper solution, some are for asp.net only. follow 2,1411919 silver badges3131 bronze badgesasked Jun 26 '14 at 1:5326322 gold badges77 silver badges1919 bronze badges

Possible duplicate of –

3

Your web server sends the header and blocks the content. You should probably change this setting to Allow from same origin. follow answered Jul 30 '14 at 6:0778788 silver badges88 bronze badges

4From where we should change this settings. –

1

.

follow 34.2k88 gold badges6565 silver badges8080 bronze badgesanswered Jan 14 '19 at 14:137144 bronze badges0

Me too I had a similar problem. Loading my web page into an iframe on another website I was getting this error: Refused to display '' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

I've solved using this web component that allow an IFrame to bypass the X-Frame-Options: deny/sameorigin response header.

Since Safari doesn't support Customized built-in elements, I've added an extra script that allow the support.

follow answered Jan 22 '19 at 14:441,22199 silver badges3030 bronze badges

3Danger: This script works by passing everything through a proxy server. All data will be visible to the controller of the proxy server (including any login credentials submitted through the iframe). It depends on the proxy server being live (and open proxies like this tend to just strain under ever increasing load until they die and break your site which depends on them). Using a proxy to bypass X-Frame-Options dips into risky intellectual property territory too: you risk getting sued for copyright infringement. –

Refused to display site in an iframe, X-Frame-Options to 'SAMEORIGIN'
Ask Question
5 months ago
http://www.samplesite.com/
How to set 'X-Frame-Options' on iframe?
Quentin
Jan 22 '19 at 14:50
add a comment
Active
Oldest
Votes
Sukhpal Singh
Sep 12 '18 at 4:44
add a comment
https://mywebsite.com
https://github.com/niutech/x-frame-bypass
https://www.chromestatus.com/feature/4670146924773376
Quentin
Jan 22 '19 at 14:47
https://github.com/niutech/x-frame-bypass
iframe
x-frame-options
share
improve this question
edited Jan 21 at 12:45
lbonn
zen
share
improve this answer
ysk
share
improve this answer
edited Jan 14 '19 at 14:27
Paul Roub
Mustaneer Abdullah
add a comment
share
improve this answer
edited Jan 24 '19 at 6:26
Davide Casiraghi
Issue as mentioned in screenshot
https://unpkg.com/@ungap/custom-elements-builtinunpkg.com
3KB
x-frame-bypass-master.zip
archive
2KB
min.zip
archive